Block spoofing emails

We are using UTM as our mail gateway, lately, a lot of our users have received spoofing emails that appear from themself.

We use emailspooftest dotcom site to test our mail servers, and it detects the problem was 

Internal authentication is not enforced.

Fix: On inbound email gateways, only allow specific IP addresses to send mail from internal domains or force an auth challenge for internal domains. This is typically a relay setting.

Could anyone suggest how to fix this problem in Sophos? 

Parents Reply
  • Config looks ok.

    You should do an "open-relay-test" (included here https://mxtoolbox.com/diagnostic.aspx ) and check the mail-log afterwards.

    You should see "relay not permitted" for the mail from supertool@mxtoolboxsmtpdiag.com to test@mxtoolboxsmtpdiag.com

    ... but your mailsystem is configured to receive mail for users within your domain ... and it don't check if the sender is from your domain too. (may be, anoter location of your domain send the mail .. this may be ok)
    If you activate SPF-check and SPF is configured ok and there is no exception ... the system should not accept mails from mail servers not included within the SPF-record.
    You may PM me your domain and i will check the SPF record.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Children